Where This Training Has Been Taught (Publicly & Privately)...

Overview:

"Software EXploitation Via Hardware EXploitation" or "SExViaHEx" (as we jokingly refer to it) teaches how to reverse engineer and exploit software on embedded systems via hardware. It teaches all this against real-world Commercial Off The Shelf (COTS) products such as routers, game systems, and other appliances. This course has an intense focus on results-oriented vulnerability discovery (not just hardware hacking and tinkering for fun).

Students will be provided with a lab manual and a USB drive containing the virtual machine with all software installed. Each student will be provided a lab kit for the duration of the class containing target embedded systems including wireless routers, NAS devices, Android tablets, and embedded development boards, as well as tools for identifying and interfacing with test, debug, and peripheral interfaces including serial cables, Bus Pirates, logic analyzers, multimeters, JTAG adapters, etc.

Unit 4: Invasive Firmware Dumping
Discuss destructive methods of firmware extraction and reasons why it might be necessary. Instructors will demonstrate removing and dumping a chip with a dedicated programmer.

Unit 5: Basic Firmware Analysis
Introduce multiple procedures for firmware analysis, helpful tools, and easy exploits. In lab, participants will analyze a firmware image, make minor modifications to exploit it, and flash it back to the target device.

Unit 6: Intermediate Firmware Analysis
Discuss further methods for extracting, modifying, and repackaging filesystem images. In lab, participants will manipulate the filesystem to add a remotely accessible backdoor.

Unit 7: Advanced Firmware Analysis
Introduce tools for binary reverse engineering of executables found in firmware. In lab, participants will reverse engineer the firmware for a small game console and extract key elements.

Exploitation

Unit 1: Embedded Exploitation
Introduce common issues with embedded code on ARM. In lab, participants will identify and exploit vulnerabilities in code found on an embedded ARM device.